1 /*
2 * Public Key abstraction layer: wrapper functions
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46
47 #if !defined(MBEDTLS_CONFIG_FILE)
48 #include "mbedtls/config.h"
49 #else
50 #include MBEDTLS_CONFIG_FILE
51 #endif
52
53 #if defined(MBEDTLS_PK_C)
54 #include "mbedtls/pk_internal.h"
55
56 /* Even if RSA not activated, for the sake of RSA-alt */
57 #include "mbedtls/rsa.h"
58
59 #include <string.h>
60
61 #if defined(MBEDTLS_ECP_C)
62 #include "mbedtls/ecp.h"
63 #endif
64
65 #if defined(MBEDTLS_ECDSA_C)
66 #include "mbedtls/ecdsa.h"
67 #endif
68
69 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
70 #include "mbedtls/platform_util.h"
71 #endif
72
73 #if defined(MBEDTLS_PLATFORM_C)
74 #include "mbedtls/platform.h"
75 #else
76 #include <stdlib.h>
77 #define mbedtls_calloc calloc
78 #define mbedtls_free free
79 #endif
80
81 #include <limits.h>
82 #include <stdint.h>
83
84 #if defined(MBEDTLS_RSA_C)
rsa_can_do(mbedtls_pk_type_t type)85 static int rsa_can_do( mbedtls_pk_type_t type )
86 {
87 return( type == MBEDTLS_PK_RSA ||
88 type == MBEDTLS_PK_RSASSA_PSS );
89 }
90
rsa_get_bitlen(const void * ctx)91 static size_t rsa_get_bitlen( const void *ctx )
92 {
93 const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
94 return( 8 * mbedtls_rsa_get_len( rsa ) );
95 }
96
rsa_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)97 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
98 const unsigned char *hash, size_t hash_len,
99 const unsigned char *sig, size_t sig_len )
100 {
101 int ret;
102 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
103 size_t rsa_len = mbedtls_rsa_get_len( rsa );
104
105 #if SIZE_MAX > UINT_MAX
106 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
107 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
108 #endif /* SIZE_MAX > UINT_MAX */
109
110 if( sig_len < rsa_len )
111 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
112
113 if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
114 MBEDTLS_RSA_PUBLIC, md_alg,
115 (unsigned int) hash_len, hash, sig ) ) != 0 )
116 return( ret );
117
118 /* The buffer contains a valid signature followed by extra data.
119 * We have a special error code for that so that so that callers can
120 * use mbedtls_pk_verify() to check "Does the buffer start with a
121 * valid signature?" and not just "Does the buffer contain a valid
122 * signature?". */
123 if( sig_len > rsa_len )
124 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
125
126 return( 0 );
127 }
128
rsa_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)129 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
130 const unsigned char *hash, size_t hash_len,
131 unsigned char *sig, size_t *sig_len,
132 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
133 {
134 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
135
136 #if SIZE_MAX > UINT_MAX
137 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
138 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
139 #endif /* SIZE_MAX > UINT_MAX */
140
141 *sig_len = mbedtls_rsa_get_len( rsa );
142
143 return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
144 md_alg, (unsigned int) hash_len, hash, sig ) );
145 }
146
rsa_decrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)147 static int rsa_decrypt_wrap( void *ctx,
148 const unsigned char *input, size_t ilen,
149 unsigned char *output, size_t *olen, size_t osize,
150 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
151 {
152 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
153
154 if( ilen != mbedtls_rsa_get_len( rsa ) )
155 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
156
157 return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
158 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
159 }
160
rsa_encrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)161 static int rsa_encrypt_wrap( void *ctx,
162 const unsigned char *input, size_t ilen,
163 unsigned char *output, size_t *olen, size_t osize,
164 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
165 {
166 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
167 *olen = mbedtls_rsa_get_len( rsa );
168
169 if( *olen > osize )
170 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
171
172 return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
173 ilen, input, output ) );
174 }
175
rsa_check_pair_wrap(const void * pub,const void * prv)176 static int rsa_check_pair_wrap( const void *pub, const void *prv )
177 {
178 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
179 (const mbedtls_rsa_context *) prv ) );
180 }
181
rsa_alloc_wrap(void)182 static void *rsa_alloc_wrap( void )
183 {
184 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
185
186 if( ctx != NULL )
187 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
188
189 return( ctx );
190 }
191
rsa_free_wrap(void * ctx)192 static void rsa_free_wrap( void *ctx )
193 {
194 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
195 mbedtls_free( ctx );
196 }
197
rsa_debug(const void * ctx,mbedtls_pk_debug_item * items)198 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
199 {
200 items->type = MBEDTLS_PK_DEBUG_MPI;
201 items->name = "rsa.N";
202 items->value = &( ((mbedtls_rsa_context *) ctx)->N );
203
204 items++;
205
206 items->type = MBEDTLS_PK_DEBUG_MPI;
207 items->name = "rsa.E";
208 items->value = &( ((mbedtls_rsa_context *) ctx)->E );
209 }
210
211 const mbedtls_pk_info_t mbedtls_rsa_info = {
212 MBEDTLS_PK_RSA,
213 "RSA",
214 rsa_get_bitlen,
215 rsa_can_do,
216 rsa_verify_wrap,
217 rsa_sign_wrap,
218 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
219 NULL,
220 NULL,
221 #endif
222 rsa_decrypt_wrap,
223 rsa_encrypt_wrap,
224 rsa_check_pair_wrap,
225 rsa_alloc_wrap,
226 rsa_free_wrap,
227 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
228 NULL,
229 NULL,
230 #endif
231 rsa_debug,
232 };
233 #endif /* MBEDTLS_RSA_C */
234
235 #if defined(MBEDTLS_ECP_C)
236 /*
237 * Generic EC key
238 */
eckey_can_do(mbedtls_pk_type_t type)239 static int eckey_can_do( mbedtls_pk_type_t type )
240 {
241 return( type == MBEDTLS_PK_ECKEY ||
242 type == MBEDTLS_PK_ECKEY_DH ||
243 type == MBEDTLS_PK_ECDSA );
244 }
245
eckey_get_bitlen(const void * ctx)246 static size_t eckey_get_bitlen( const void *ctx )
247 {
248 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
249 }
250
251 #if defined(MBEDTLS_ECDSA_C)
252 /* Forward declarations */
253 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
254 const unsigned char *hash, size_t hash_len,
255 const unsigned char *sig, size_t sig_len );
256
257 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
258 const unsigned char *hash, size_t hash_len,
259 unsigned char *sig, size_t *sig_len,
260 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
261
eckey_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)262 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
263 const unsigned char *hash, size_t hash_len,
264 const unsigned char *sig, size_t sig_len )
265 {
266 int ret;
267 mbedtls_ecdsa_context ecdsa;
268
269 mbedtls_ecdsa_init( &ecdsa );
270
271 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
272 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
273
274 mbedtls_ecdsa_free( &ecdsa );
275
276 return( ret );
277 }
278
eckey_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)279 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
280 const unsigned char *hash, size_t hash_len,
281 unsigned char *sig, size_t *sig_len,
282 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
283 {
284 int ret;
285 mbedtls_ecdsa_context ecdsa;
286
287 mbedtls_ecdsa_init( &ecdsa );
288
289 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
290 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
291 f_rng, p_rng );
292
293 mbedtls_ecdsa_free( &ecdsa );
294
295 return( ret );
296 }
297
298 #if defined(MBEDTLS_ECP_RESTARTABLE)
299 /* Forward declarations */
300 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
301 const unsigned char *hash, size_t hash_len,
302 const unsigned char *sig, size_t sig_len,
303 void *rs_ctx );
304
305 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
306 const unsigned char *hash, size_t hash_len,
307 unsigned char *sig, size_t *sig_len,
308 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
309 void *rs_ctx );
310
311 /*
312 * Restart context for ECDSA operations with ECKEY context
313 *
314 * We need to store an actual ECDSA context, as we need to pass the same to
315 * the underlying ecdsa function, so we can't create it on the fly every time.
316 */
317 typedef struct
318 {
319 mbedtls_ecdsa_restart_ctx ecdsa_rs;
320 mbedtls_ecdsa_context ecdsa_ctx;
321 } eckey_restart_ctx;
322
eckey_rs_alloc(void)323 static void *eckey_rs_alloc( void )
324 {
325 eckey_restart_ctx *rs_ctx;
326
327 void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
328
329 if( ctx != NULL )
330 {
331 rs_ctx = ctx;
332 mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
333 mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
334 }
335
336 return( ctx );
337 }
338
eckey_rs_free(void * ctx)339 static void eckey_rs_free( void *ctx )
340 {
341 eckey_restart_ctx *rs_ctx;
342
343 if( ctx == NULL)
344 return;
345
346 rs_ctx = ctx;
347 mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
348 mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
349
350 mbedtls_free( ctx );
351 }
352
eckey_verify_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len,void * rs_ctx)353 static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
354 const unsigned char *hash, size_t hash_len,
355 const unsigned char *sig, size_t sig_len,
356 void *rs_ctx )
357 {
358 int ret;
359 eckey_restart_ctx *rs = rs_ctx;
360
361 /* Should never happen */
362 if( rs == NULL )
363 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
364
365 /* set up our own sub-context if needed (that is, on first run) */
366 if( rs->ecdsa_ctx.grp.pbits == 0 )
367 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
368
369 MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
370 md_alg, hash, hash_len,
371 sig, sig_len, &rs->ecdsa_rs ) );
372
373 cleanup:
374 return( ret );
375 }
376
eckey_sign_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,void * rs_ctx)377 static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
378 const unsigned char *hash, size_t hash_len,
379 unsigned char *sig, size_t *sig_len,
380 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
381 void *rs_ctx )
382 {
383 int ret;
384 eckey_restart_ctx *rs = rs_ctx;
385
386 /* Should never happen */
387 if( rs == NULL )
388 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
389
390 /* set up our own sub-context if needed (that is, on first run) */
391 if( rs->ecdsa_ctx.grp.pbits == 0 )
392 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
393
394 MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
395 hash, hash_len, sig, sig_len,
396 f_rng, p_rng, &rs->ecdsa_rs ) );
397
398 cleanup:
399 return( ret );
400 }
401 #endif /* MBEDTLS_ECP_RESTARTABLE */
402 #endif /* MBEDTLS_ECDSA_C */
403
eckey_check_pair(const void * pub,const void * prv)404 static int eckey_check_pair( const void *pub, const void *prv )
405 {
406 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
407 (const mbedtls_ecp_keypair *) prv ) );
408 }
409
eckey_alloc_wrap(void)410 static void *eckey_alloc_wrap( void )
411 {
412 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
413
414 if( ctx != NULL )
415 mbedtls_ecp_keypair_init( ctx );
416
417 return( ctx );
418 }
419
eckey_free_wrap(void * ctx)420 static void eckey_free_wrap( void *ctx )
421 {
422 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
423 mbedtls_free( ctx );
424 }
425
eckey_debug(const void * ctx,mbedtls_pk_debug_item * items)426 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
427 {
428 items->type = MBEDTLS_PK_DEBUG_ECP;
429 items->name = "eckey.Q";
430 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
431 }
432
433 const mbedtls_pk_info_t mbedtls_eckey_info = {
434 MBEDTLS_PK_ECKEY,
435 "EC",
436 eckey_get_bitlen,
437 eckey_can_do,
438 #if defined(MBEDTLS_ECDSA_C)
439 eckey_verify_wrap,
440 eckey_sign_wrap,
441 #if defined(MBEDTLS_ECP_RESTARTABLE)
442 eckey_verify_rs_wrap,
443 eckey_sign_rs_wrap,
444 #endif
445 #else /* MBEDTLS_ECDSA_C */
446 NULL,
447 NULL,
448 #endif /* MBEDTLS_ECDSA_C */
449 NULL,
450 NULL,
451 eckey_check_pair,
452 eckey_alloc_wrap,
453 eckey_free_wrap,
454 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
455 eckey_rs_alloc,
456 eckey_rs_free,
457 #endif
458 eckey_debug,
459 };
460
461 /*
462 * EC key restricted to ECDH
463 */
eckeydh_can_do(mbedtls_pk_type_t type)464 static int eckeydh_can_do( mbedtls_pk_type_t type )
465 {
466 return( type == MBEDTLS_PK_ECKEY ||
467 type == MBEDTLS_PK_ECKEY_DH );
468 }
469
470 const mbedtls_pk_info_t mbedtls_eckeydh_info = {
471 MBEDTLS_PK_ECKEY_DH,
472 "EC_DH",
473 eckey_get_bitlen, /* Same underlying key structure */
474 eckeydh_can_do,
475 NULL,
476 NULL,
477 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
478 NULL,
479 NULL,
480 #endif
481 NULL,
482 NULL,
483 eckey_check_pair,
484 eckey_alloc_wrap, /* Same underlying key structure */
485 eckey_free_wrap, /* Same underlying key structure */
486 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
487 NULL,
488 NULL,
489 #endif
490 eckey_debug, /* Same underlying key structure */
491 };
492 #endif /* MBEDTLS_ECP_C */
493
494 #if defined(MBEDTLS_ECDSA_C)
ecdsa_can_do(mbedtls_pk_type_t type)495 static int ecdsa_can_do( mbedtls_pk_type_t type )
496 {
497 return( type == MBEDTLS_PK_ECDSA );
498 }
499
ecdsa_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)500 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
501 const unsigned char *hash, size_t hash_len,
502 const unsigned char *sig, size_t sig_len )
503 {
504 int ret;
505 ((void) md_alg);
506
507 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
508 hash, hash_len, sig, sig_len );
509
510 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
511 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
512
513 return( ret );
514 }
515
ecdsa_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)516 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
517 const unsigned char *hash, size_t hash_len,
518 unsigned char *sig, size_t *sig_len,
519 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
520 {
521 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
522 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
523 }
524
525 #if defined(MBEDTLS_ECP_RESTARTABLE)
ecdsa_verify_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len,void * rs_ctx)526 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
527 const unsigned char *hash, size_t hash_len,
528 const unsigned char *sig, size_t sig_len,
529 void *rs_ctx )
530 {
531 int ret;
532 ((void) md_alg);
533
534 ret = mbedtls_ecdsa_read_signature_restartable(
535 (mbedtls_ecdsa_context *) ctx,
536 hash, hash_len, sig, sig_len,
537 (mbedtls_ecdsa_restart_ctx *) rs_ctx );
538
539 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
540 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
541
542 return( ret );
543 }
544
ecdsa_sign_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,void * rs_ctx)545 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
546 const unsigned char *hash, size_t hash_len,
547 unsigned char *sig, size_t *sig_len,
548 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
549 void *rs_ctx )
550 {
551 return( mbedtls_ecdsa_write_signature_restartable(
552 (mbedtls_ecdsa_context *) ctx,
553 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
554 (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
555
556 }
557 #endif /* MBEDTLS_ECP_RESTARTABLE */
558
ecdsa_alloc_wrap(void)559 static void *ecdsa_alloc_wrap( void )
560 {
561 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
562
563 if( ctx != NULL )
564 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
565
566 return( ctx );
567 }
568
ecdsa_free_wrap(void * ctx)569 static void ecdsa_free_wrap( void *ctx )
570 {
571 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
572 mbedtls_free( ctx );
573 }
574
575 #if defined(MBEDTLS_ECP_RESTARTABLE)
ecdsa_rs_alloc(void)576 static void *ecdsa_rs_alloc( void )
577 {
578 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
579
580 if( ctx != NULL )
581 mbedtls_ecdsa_restart_init( ctx );
582
583 return( ctx );
584 }
585
ecdsa_rs_free(void * ctx)586 static void ecdsa_rs_free( void *ctx )
587 {
588 mbedtls_ecdsa_restart_free( ctx );
589 mbedtls_free( ctx );
590 }
591 #endif /* MBEDTLS_ECP_RESTARTABLE */
592
593 const mbedtls_pk_info_t mbedtls_ecdsa_info = {
594 MBEDTLS_PK_ECDSA,
595 "ECDSA",
596 eckey_get_bitlen, /* Compatible key structures */
597 ecdsa_can_do,
598 ecdsa_verify_wrap,
599 ecdsa_sign_wrap,
600 #if defined(MBEDTLS_ECP_RESTARTABLE)
601 ecdsa_verify_rs_wrap,
602 ecdsa_sign_rs_wrap,
603 #endif
604 NULL,
605 NULL,
606 eckey_check_pair, /* Compatible key structures */
607 ecdsa_alloc_wrap,
608 ecdsa_free_wrap,
609 #if defined(MBEDTLS_ECP_RESTARTABLE)
610 ecdsa_rs_alloc,
611 ecdsa_rs_free,
612 #endif
613 eckey_debug, /* Compatible key structures */
614 };
615 #endif /* MBEDTLS_ECDSA_C */
616
617 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
618 /*
619 * Support for alternative RSA-private implementations
620 */
621
rsa_alt_can_do(mbedtls_pk_type_t type)622 static int rsa_alt_can_do( mbedtls_pk_type_t type )
623 {
624 return( type == MBEDTLS_PK_RSA );
625 }
626
rsa_alt_get_bitlen(const void * ctx)627 static size_t rsa_alt_get_bitlen( const void *ctx )
628 {
629 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
630
631 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
632 }
633
rsa_alt_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)634 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
635 const unsigned char *hash, size_t hash_len,
636 unsigned char *sig, size_t *sig_len,
637 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
638 {
639 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
640
641 #if SIZE_MAX > UINT_MAX
642 if( UINT_MAX < hash_len )
643 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
644 #endif /* SIZE_MAX > UINT_MAX */
645
646 *sig_len = rsa_alt->key_len_func( rsa_alt->key );
647
648 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
649 md_alg, (unsigned int) hash_len, hash, sig ) );
650 }
651
rsa_alt_decrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)652 static int rsa_alt_decrypt_wrap( void *ctx,
653 const unsigned char *input, size_t ilen,
654 unsigned char *output, size_t *olen, size_t osize,
655 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
656 {
657 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
658
659 ((void) f_rng);
660 ((void) p_rng);
661
662 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
663 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
664
665 return( rsa_alt->decrypt_func( rsa_alt->key,
666 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
667 }
668
669 #if defined(MBEDTLS_RSA_C)
rsa_alt_check_pair(const void * pub,const void * prv)670 static int rsa_alt_check_pair( const void *pub, const void *prv )
671 {
672 unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
673 unsigned char hash[32];
674 size_t sig_len = 0;
675 int ret;
676
677 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
678 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
679
680 memset( hash, 0x2a, sizeof( hash ) );
681
682 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
683 hash, sizeof( hash ),
684 sig, &sig_len, NULL, NULL ) ) != 0 )
685 {
686 return( ret );
687 }
688
689 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
690 hash, sizeof( hash ), sig, sig_len ) != 0 )
691 {
692 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
693 }
694
695 return( 0 );
696 }
697 #endif /* MBEDTLS_RSA_C */
698
rsa_alt_alloc_wrap(void)699 static void *rsa_alt_alloc_wrap( void )
700 {
701 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
702
703 if( ctx != NULL )
704 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
705
706 return( ctx );
707 }
708
rsa_alt_free_wrap(void * ctx)709 static void rsa_alt_free_wrap( void *ctx )
710 {
711 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
712 mbedtls_free( ctx );
713 }
714
715 const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
716 MBEDTLS_PK_RSA_ALT,
717 "RSA-alt",
718 rsa_alt_get_bitlen,
719 rsa_alt_can_do,
720 NULL,
721 rsa_alt_sign_wrap,
722 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
723 NULL,
724 NULL,
725 #endif
726 rsa_alt_decrypt_wrap,
727 NULL,
728 #if defined(MBEDTLS_RSA_C)
729 rsa_alt_check_pair,
730 #else
731 NULL,
732 #endif
733 rsa_alt_alloc_wrap,
734 rsa_alt_free_wrap,
735 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
736 NULL,
737 NULL,
738 #endif
739 NULL,
740 };
741
742 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
743
744 #endif /* MBEDTLS_PK_C */
745